Respondents expect threats against sensitive information to continue to rise, with 73% predicting that database attacks will continue to increase. Improving database security is crucial because nearly half (43%) of all enterprise databases contain critical data that can include customer credit card numbers and other personal information.

"The research indicates that enterprise data security, risk and compliance is an enormous challenge, and the high percentage of reported data breaches and failed compliance audits reveal a vital need for improved control processes," said John Ottman, chief executive officer of Application Security, Inc. "DbProtect™ is a best practice solution that provides a single view of database security and compliance across the enterprise."

With 76% of respondents placing purchasing priority on database security for 2009, organizations appear to be taking action. However, despite the severity of the problem nearly 55% of organizations report challenges and note a lack of progress to protect confidential information.

Additional "Database Security Controls" survey key findings

• Maintaining a false sense of security: Eighty-four percent of respondents felt that their organization's data security controls for sensitive information was adequate, but follow-up security questions made it clear that there is a disconnect between the initial responses and realities of preventing hacks and supporting compliance mandates.
  
  
• Failing grades for compliance audits: In addition to the high number of reported data breaches during the past year, organizations failed audits in key categories more than one-third of the time:
  
  
• Internal audits: 48%
  
• Payment Card Industry (PCI) Security Standard: 42%
  
• Health Insurance Portability and Accountability Act (HIPPA): 36%
  
• Gramm-Leach-Bliley Financial Services Modernization Act (GLBA): 36%
  
• Federal Information Security Management Act (FISMA): 38%

The report, commissioned by Application Security, Inc. and executed by Enterprise Strategy Group, is based on 179 in-person and phone surveys with global IT decision makers located in North America.

Survey Webinar and Report Information

Application Security, Inc. will be hosting a webinar discussing the research findings and presenting a best practices model for securing sensitive data and grounding those protections in global compliance initiatives. Jon Oltsik, senior security analyst with Enterprise Strategy Group, and Thom VanHorn, vice president of marketing with Application Security, Inc. will be the presenters.

Title: 2009 Outlook: Bridging the Gap between Data Security & Compliance
Date: Tuesday, December 9, 2008
Time: 11:00 AM - 12:00 PM EST
Register: https://www1.gotomeeting.com/register/265895643

About Application Security, Inc.
Application Security, Inc. (www.appsecinc.com) is the leading provider of cross platform database security, risk and compliance solutions for the enterprise.  Application Security, Inc.’s products – AppDetectivePro and DbProtect – deliver the industry’s most comprehensive database security solution and are in use around the world in the most demanding environments by over 1,000 customers.  The company was named to Inc. Magazine’s 2007 (Inc. 500) and 2008 list of America’s Fastest Growing Private Companies, and was also named to the 2008 Deloitte Technology Fast 50 by Deloitte & Touche.

Contact:

Alex Wallace
Racepoint Group
awallace@racepointgroup.com
781.487.4679